compilable code again...

cmd/devguard-cli/commands/risk.go

@@ -60,16 +60,16 @@ func newCalculateCmd() *cobra.Command {
 
 			if shouldCalculateHistory {
 				slog.Info("recalculating risk history")
-				// fetch all assets
-				assets, err := assetRepository.GetAllAssetsFromDB()
+				// fetch all assetVersions
+				assetVersions, err := assetVersionRepository.GetAllAssetsVersionFromDB(nil)
 				if err != nil {
 					slog.Error("could not fetch assets", "err", err)
 					return
 				}
 
-				for _, asset := range assets {
-					slog.Info("recalculating risk history for asset", "asset", asset.ID)
-					if err := statisticService.UpdateAssetRiskAggregation(asset.ID, asset.CreatedAt, time.Now(), true); err != nil {
+				for _, version := range assetVersions {
+					slog.Info("recalculating risk history for asset", "assetVersionName", version.Name, "assetID", version.AssetId)
+					if err := statisticService.UpdateAssetRiskAggregation(version.Name, version.AssetId, version.CreatedAt, time.Now(), true); err != nil {
 						slog.Error("could not recalculate risk history", "err", err)
 						return
 					}

cmd/devguard-cli/commands/scan.go

@@ -4,9 +4,9 @@ import (
 	"log/slog"
 	"time"
 
-	assetversion "github.com/l3montree-dev/devguard/internal/assetVersion"
 	"github.com/l3montree-dev/devguard/internal/core"
 	"github.com/l3montree-dev/devguard/internal/core/asset"
+	"github.com/l3montree-dev/devguard/internal/core/assetversion"
 	"github.com/l3montree-dev/devguard/internal/core/flaw"
 	"github.com/l3montree-dev/devguard/internal/core/normalize"
 	"github.com/l3montree-dev/devguard/internal/core/vulndb/scan"
@@ -53,7 +53,7 @@ func newSbomCommand() *cobra.Command {
 				return
 			}
 			for _, assetVersion := range assetVersions {
-				components, err := componentRepository.LoadAllLatestComponentFromAssetVersion(nil, assetVersion)
+				components, err := componentRepository.LoadAllLatestComponentFromAssetVersion(nil, assetVersion, "")
 
 				// group the components by scanner
 				scannerComponents := make(map[string][]models.ComponentDependency)
@@ -65,7 +65,6 @@ func newSbomCommand() *cobra.Command {
 				}
 
 				for scanner, scannerComponents := range scannerComponents {
-
 					now := time.Now()
 					// build the sbom of the asset
 
@@ -86,7 +85,7 @@ func newSbomCommand() *cobra.Command {
 
 					amountOpened, amountClosed, flaws, err := assetVersionService.HandleScanResult(
 						// TODO: add the correct asset
-						models.AssetNew{},
+						models.Asset{},
 						assetVersion,
 						vulns,
 						scanner,

cmd/devguard/api/api.go

@@ -23,10 +23,11 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/l3montree-dev/devguard/internal/accesscontrol"
-	assetversion "github.com/l3montree-dev/devguard/internal/assetVersion"
+
 	"github.com/l3montree-dev/devguard/internal/auth"
 	"github.com/l3montree-dev/devguard/internal/core"
 	"github.com/l3montree-dev/devguard/internal/core/asset"
+	"github.com/l3montree-dev/devguard/internal/core/assetversion"
 	"github.com/l3montree-dev/devguard/internal/core/flaw"
 	"github.com/l3montree-dev/devguard/internal/core/integrations"
 	"github.com/l3montree-dev/devguard/internal/core/intoto"
@@ -43,7 +44,7 @@ import (
 )
 
 type assetRepository interface {
-	ReadBySlug(projectID uuid.UUID, slug string) (models.AssetNew, error)
+	ReadBySlug(projectID uuid.UUID, slug string) (models.Asset, error)
 }
 
 type assetVersionRepository interface {

internal/core/asset/asset_controller.go

@@ -18,18 +18,18 @@ import (
 
 // we use this in multiple files in the asset package itself
 type repository interface {
-	repositories.Repository[uuid.UUID, models.AssetNew, core.DB]
-	FindByName(name string) (models.AssetNew, error)
-	FindOrCreate(tx core.DB, name string) (models.AssetNew, error)
-	GetByProjectID(projectID uuid.UUID) ([]models.AssetNew, error)
-	ReadBySlug(projectID uuid.UUID, slug string) (models.AssetNew, error)
+	repositories.Repository[uuid.UUID, models.Asset, core.DB]
+	FindByName(name string) (models.Asset, error)
+	FindOrCreate(tx core.DB, name string) (models.Asset, error)
+	GetByProjectID(projectID uuid.UUID) ([]models.Asset, error)
+	ReadBySlug(projectID uuid.UUID, slug string) (models.Asset, error)
 	GetAssetIDBySlug(projectID uuid.UUID, slug string) (uuid.UUID, error)
-	Update(tx core.DB, asset *models.AssetNew) error
-	ReadBySlugUnscoped(projectID uuid.UUID, slug string) (models.AssetNew, error)
+	Update(tx core.DB, asset *models.Asset) error
+	ReadBySlugUnscoped(projectID uuid.UUID, slug string) (models.Asset, error)
 }
 
 type assetService interface {
-	UpdateAssetRequirements(asset models.AssetNew, responsible string, justification string) error
+	UpdateAssetRequirements(asset models.Asset, responsible string, justification string) error
 }
 
 type httpController struct {

internal/core/asset/asset_dto.go

@@ -29,8 +29,8 @@ func sanitizeRequirementLevel(level string) models.RequirementLevel {
 	}
 }
 
-func (a *createRequest) toModel(projectID uuid.UUID) models.AssetNew {
-	return models.AssetNew{
+func (a *createRequest) toModel(projectID uuid.UUID) models.Asset {
+	return models.Asset{
 		Name:        a.Name,
 		Slug:        slug.Make(a.Name),
 		ProjectID:   projectID,
@@ -64,7 +64,7 @@ type patchRequest struct {
 }
 
 func (a *patchRequest) applyToModel(
-	asset *models.AssetNew,
+	asset *models.Asset,
 ) bool {
 	updated := false
 	if a.Name != nil {

internal/core/asset/asset_service.go

@@ -26,10 +26,10 @@ import (
 )
 
 type assetRepository interface {
-	Save(tx core.DB, asset *models.AssetNew) error
+	Save(tx core.DB, asset *models.Asset) error
 	Transaction(txFunc func(core.DB) error) error
 
-	GetByAssetID(assetID uuid.UUID) (models.AssetNew, error)
+	GetByAssetID(assetID uuid.UUID) (models.Asset, error)
 }
 
 type flawRepository interface {
@@ -38,7 +38,7 @@ type flawRepository interface {
 }
 
 type flawService interface {
-	RecalculateRawRiskAssessment(tx core.DB, responsible string, flaws []models.Flaw, justification string, asset models.AssetNew) error
+	RecalculateRawRiskAssessment(tx core.DB, responsible string, flaws []models.Flaw, justification string, asset models.Asset) error
 }
 
 type service struct {
@@ -57,11 +57,11 @@ func NewService(assetRepository assetRepository, flawRepository flawRepository,
 	}
 }
 
-func (s *service) GetByAssetID(assetID uuid.UUID) (models.AssetNew, error) {
+func (s *service) GetByAssetID(assetID uuid.UUID) (models.Asset, error) {
 	return s.assetRepository.GetByAssetID(assetID)
 }
 
-func (s *service) UpdateAssetRequirements(asset models.AssetNew, responsible string, justification string) error {
+func (s *service) UpdateAssetRequirements(asset models.Asset, responsible string, justification string) error {
 	err := s.flawRepository.Transaction(func(tx core.DB) error {
 
 		err := s.assetRepository.Save(tx, &asset)

internal/assetVersion/asset_version_controller.go → internal/core/assetversion/asset_version_controller.go

@@ -17,17 +17,17 @@ import (
 
 type assetVersionComponentsLoader interface {
 	GetVersions(tx core.DB, assetVersion models.AssetVersion) ([]string, error)
-	LoadComponents(tx core.DB, assetVersion models.AssetVersion, scanner, version string) ([]models.ComponentDependency, error)
+	LoadComponents(tx core.DB, assetVersionName string, assetID uuid.UUID, scanner, version string) ([]models.ComponentDependency, error)
 }
 type assetVersionService interface {
 	BuildSBOM(assetVersion models.AssetVersion, version, orgName string, components []models.ComponentDependency) *cdx.BOM
-	BuildVeX(asset models.AssetNew, assetVersion models.AssetVersion, version, orgName string, components []models.ComponentDependency, flaws []models.Flaw) *cdx.BOM
+	BuildVeX(asset models.Asset, assetVersion models.AssetVersion, version, orgName string, components []models.ComponentDependency, flaws []models.Flaw) *cdx.BOM
 	GetAssetVersionsByAssetID(assetID uuid.UUID) ([]models.AssetVersion, error)
 }
 
 type flawRepository interface {
 	Transaction(txFunc func(core.DB) error) error
-	ListByScanner(assetID uuid.UUID, scannerID string) ([]models.Flaw, error)
+	ListByScanner(assetVersionName string, assetID uuid.UUID, scannerID string) ([]models.Flaw, error)
 
 	SaveBatch(db core.DB, flaws []models.Flaw) error
 
@@ -36,18 +36,18 @@ type flawRepository interface {
 
 type componentRepository interface {
 	SaveBatch(tx core.DB, components []models.Component) error
-	LoadComponents(tx core.DB, assetVersion models.AssetVersion, scanner, version string) ([]models.ComponentDependency, error)
+	LoadComponents(tx database.DB, assetVersionName string, assetID uuid.UUID, scannerID, version string) ([]models.ComponentDependency, error)
 	FindByPurl(tx core.DB, purl string) (models.Component, error)
-	HandleStateDiff(tx database.DB, assetVersionID uuid.UUID, version string, oldState []models.ComponentDependency, newState []models.ComponentDependency) error
+	HandleStateDiff(tx database.DB, assetVersionName string, assetID uuid.UUID, version string, oldState []models.ComponentDependency, newState []models.ComponentDependency) error
 }
 
 type supplyChainRepository interface {
-	PercentageOfVerifiedSupplyChains(assetVersionID uuid.UUID) (float64, error)
+	PercentageOfVerifiedSupplyChains(assetVersionName string, assetID uuid.UUID) (float64, error)
 }
 
 type flawService interface {
-	UserFixedFlaws(tx core.DB, userID string, flaws []models.Flaw, assetVersion models.AssetVersion, asset models.AssetNew, doRiskManagement bool) error
-	UserDetectedFlaws(tx core.DB, userID string, flaws []models.Flaw, assetVersion models.AssetVersion, asset models.AssetNew, doRiskManagement bool) error
+	UserFixedFlaws(tx core.DB, userID string, flaws []models.Flaw, assetVersion models.AssetVersion, asset models.Asset, doRiskManagement bool) error
+	UserDetectedFlaws(tx core.DB, userID string, flaws []models.Flaw, assetVersion models.AssetVersion, asset models.Asset, doRiskManagement bool) error
 	UpdateFlawState(tx core.DB, assetID uuid.UUID, userID string, flaw *models.Flaw, statusType string, justification string, assetVersionName string) (models.FlawEvent, error)
 }
 
@@ -142,7 +142,7 @@ func (a *assetVersionController) AffectedComponents(c core.Context) error {
 }
 
 func (a *assetVersionController) getComponentsAndFlaws(assetVersion models.AssetVersion, scanner, version string) ([]models.ComponentDependency, []models.Flaw, error) {
-	components, err := a.assetVersionComponentsLoader.LoadComponents(nil, assetVersion, scanner, version)
+	components, err := a.assetVersionComponentsLoader.LoadComponents(nil, assetVersion.Name, assetVersion.AssetId, scanner, version)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -177,7 +177,7 @@ func (a *assetVersionController) DependencyGraph(c core.Context) error {
 		return echo.NewHTTPError(400, "scanner query param is required")
 	}
 
-	components, err := a.assetVersionComponentsLoader.LoadComponents(nil, app, scanner, version)
+	components, err := a.assetVersionComponentsLoader.LoadComponents(nil, app.Name, app.AssetId, scanner, version)
 	if err != nil {
 		return err
 	}
@@ -246,7 +246,7 @@ func (a *assetVersionController) buildSBOM(c core.Context) (*cdx.BOM, error) {
 		return nil, echo.NewHTTPError(400, "scanner query param is required")
 	}
 
-	components, err := a.assetVersionComponentsLoader.LoadComponents(nil, assetVersion, scanner, version)
+	components, err := a.assetVersionComponentsLoader.LoadComponents(nil, assetVersion.Name, assetVersion.AssetId, scanner, version)
 	if err != nil {
 		return nil, err
 	}
@@ -293,7 +293,7 @@ func (a *assetVersionController) Metrics(c core.Context) error {
 	assetVersion := core.GetAssetVersion(c)
 	scannerIds := []string{}
 	// get the latest events of this asset per scan type
-	err := a.assetVersionRepository.GetDB(nil).Table("flaws").Select("DISTINCT scanner_id").Where("asset_version_id  = ?", assetVersion.ID).Pluck("scanner_id", &scannerIds).Error
+	err := a.assetVersionRepository.GetDB(nil).Table("flaws").Select("DISTINCT scanner_id").Where("asset_version_name  = ? AND asset_version_asset_id = ?", assetVersion.Name, assetVersion.AssetId).Pluck("scanner_id", &scannerIds).Error
 
 	if err != nil {
 		return err
@@ -313,7 +313,7 @@ func (a *assetVersionController) Metrics(c core.Context) error {
 	}
 
 	// check if in-toto is enabled
-	verifiedSupplyChainsPercentage, err := a.supplyChainRepository.PercentageOfVerifiedSupplyChains(assetVersion.ID)
+	verifiedSupplyChainsPercentage, err := a.supplyChainRepository.PercentageOfVerifiedSupplyChains(assetVersion.Name, assetVersion.AssetId)
 	if err != nil {
 		return err
 	}

internal/assetVersion/asset_version_service.go → internal/core/assetversion/asset_version_service.go

@@ -15,21 +15,20 @@ import (
 	"github.com/l3montree-dev/devguard/internal/core/normalize"
 	"github.com/l3montree-dev/devguard/internal/core/risk"
 	"github.com/l3montree-dev/devguard/internal/database/models"
-	"github.com/l3montree-dev/devguard/internal/database/repositories"
 
 	"github.com/l3montree-dev/devguard/internal/utils"
 	"github.com/package-url/packageurl-go"
 	"github.com/pkg/errors"
 )
 
 type assetVersionRepository interface {
-	repositories.Repository[uuid.UUID, models.AssetVersion, core.DB]
+	GetDB(core.DB) core.DB
 	Save(tx core.DB, assetVersion *models.AssetVersion) error
 	GetAllAssetsVersionFromDBByAssetID(tx core.DB, assetID uuid.UUID) ([]models.AssetVersion, error)
 }
 
 type assetRepository interface {
-	GetByAssetID(assetID uuid.UUID) (models.AssetNew, error)
+	GetByAssetID(assetID uuid.UUID) (models.Asset, error)
 }
 
 type service struct {
@@ -56,13 +55,13 @@ func (s *service) GetAssetVersionsByAssetID(assetID uuid.UUID) ([]models.AssetVe
 	return s.assetVersionRepository.GetAllAssetsVersionFromDBByAssetID(nil, assetID)
 }
 
-func (s *service) HandleScanResult(asset models.AssetNew, assetVersion models.AssetVersion, vulns []models.VulnInPackage, scanner string, version string, scannerID string, userID string, doRiskManagement bool) (amountOpened int, amountClose int, newState []models.Flaw, err error) {
+func (s *service) HandleScanResult(asset models.Asset, assetVersion models.AssetVersion, vulns []models.VulnInPackage, scanner string, version string, scannerID string, userID string, doRiskManagement bool) (amountOpened int, amountClose int, newState []models.Flaw, err error) {
 
 	// create flaws out of those vulnerabilities
 	flaws := []models.Flaw{}
 
 	// load all asset components again and build a dependency tree
-	assetComponents, err := s.componentRepository.LoadComponents(nil, assetVersion, scanner, version)
+	assetComponents, err := s.componentRepository.LoadComponents(nil, assetVersion.Name, assetVersion.AssetId, scanner, version)
 	if err != nil {
 		return 0, 0, []models.Flaw{}, errors.Wrap(err, "could not load asset components")
 	}
@@ -81,7 +80,8 @@ func (s *service) HandleScanResult(asset models.AssetNew, assetVersion models.As
 		v := vuln
 
 		flaw := models.Flaw{
-			AssetVersionID:        assetVersion.ID,
+			AssetVersionName:      assetVersion.Name,
+			AssetID:               asset.ID,
 			CVEID:                 utils.Ptr(v.CVEID),
 			ScannerID:             scannerID,
 			ComponentPurl:         utils.Ptr(v.Purl),
@@ -90,13 +90,11 @@ func (s *service) HandleScanResult(asset models.AssetNew, assetVersion models.As
 			CVE:                   &v.CVE,
 		}
 
-		flaw.FlawAssetID = flaw.CalculateHash(asset.ID.String())
-
 		flaws = append(flaws, flaw)
 	}
 
 	flaws = utils.UniqBy(flaws, func(f models.Flaw) string {
-		return f.CalculateHash(f.AssetVersionID.String())
+		return f.CalculateHash()
 	})
 
 	// let the asset service handle the new scan result - we do not need
@@ -131,9 +129,9 @@ func (s *service) HandleScanResult(asset models.AssetNew, assetVersion models.As
 	return amountOpened, amountClosed, amountExisting, nil
 }
 
-func (s *service) handleScanResult(userID string, scannerID string, assetVersion models.AssetVersion, flaws []models.Flaw, doRiskManagement bool, asset models.AssetNew) (int, int, []models.Flaw, error) {
+func (s *service) handleScanResult(userID string, scannerID string, assetVersion models.AssetVersion, flaws []models.Flaw, doRiskManagement bool, asset models.Asset) (int, int, []models.Flaw, error) {
 	// get all existing flaws from the database - this is the old state
-	existingFlaws, err := s.flawRepository.ListByScanner(assetVersion.ID, scannerID)
+	existingFlaws, err := s.flawRepository.ListByScanner(assetVersion.Name, assetVersion.AssetId, scannerID)
 	if err != nil {
 		slog.Error("could not get existing flaws", "err", err)
 		return 0, 0, []models.Flaw{}, err
@@ -144,7 +142,7 @@ func (s *service) handleScanResult(userID string, scannerID string, assetVersion
 	})
 
 	comparison := utils.CompareSlices(existingFlaws, flaws, func(flaw models.Flaw) string {
-		return flaw.CalculateHash(assetVersion.ID.String())
+		return flaw.CalculateHash()
 	})
 
 	fixedFlaws := comparison.OnlyInA
@@ -247,7 +245,7 @@ func buildBomRefMap(bom normalize.SBOM) map[string]cdx.Component {
 
 func (s *service) UpdateSBOM(assetVersion models.AssetVersion, scannerID string, currentVersion string, sbom normalize.SBOM) error {
 	// load the asset components
-	assetComponents, err := s.componentRepository.LoadComponents(nil, assetVersion, scannerID, currentVersion)
+	assetComponents, err := s.componentRepository.LoadComponents(nil, assetVersion.Name, assetVersion.AssetId, scannerID, currentVersion)
 	if err != nil {
 		return errors.Wrap(err, "could not load asset components")
 	}
@@ -331,7 +329,7 @@ func (s *service) UpdateSBOM(assetVersion models.AssetVersion, scannerID string,
 		return err
 	}
 
-	return s.componentRepository.HandleStateDiff(nil, assetVersion.ID, currentVersion, assetComponents, dependencies)
+	return s.componentRepository.HandleStateDiff(nil, assetVersion.Name, assetVersion.AssetId, currentVersion, assetComponents, dependencies)
 }
 
 func (s *service) BuildSBOM(assetVersion models.AssetVersion, version string, organizationName string, components []models.ComponentDependency) *cdx.BOM {
@@ -428,7 +426,7 @@ func (s *service) BuildSBOM(assetVersion models.AssetVersion, version string, or
 	return &bom
 }
 
-func (s *service) BuildVeX(asset models.AssetNew, assetVersion models.AssetVersion, version string, organizationName string, components []models.ComponentDependency, flaws []models.Flaw) *cdx.BOM {
+func (s *service) BuildVeX(asset models.Asset, assetVersion models.AssetVersion, version string, organizationName string, components []models.ComponentDependency, flaws []models.Flaw) *cdx.BOM {
 	if version == models.NoVersion {
 		version = "latest"
 	}

internal/core/context_utils.go

@@ -138,11 +138,11 @@ func GetAssetVersionSlug(c Context) (string, error) {
 	return assetVersionSlug, nil
 }
 
-func GetAsset(c Context) models.AssetNew {
-	return c.Get("asset").(models.AssetNew)
+func GetAsset(c Context) models.Asset {
+	return c.Get("asset").(models.Asset)
 }
 
-func SetAsset(c Context, asset models.AssetNew) {
+func SetAsset(c Context, asset models.Asset) {
 	c.Set("asset", asset)
 }
 

internal/core/core.go

@@ -58,7 +58,7 @@ func LoadConfig() error {
 
 var V = validator.New()
 
-func GetEnvironmentalFromAsset(m models.AssetNew) Environmental {
+func GetEnvironmentalFromAsset(m models.Asset) Environmental {
 	return SanitizeEnv(Environmental{
 		ConfidentialityRequirements: string(m.ConfidentialityRequirement),
 		AvailabilityRequirements:    string(m.AvailabilityRequirement),